package com.kxr.literetrofit.network.ssl;

import com.kxr.literetrofit.RetrofitApplication;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * 证书管理
 * @author  Kongxr
 **/
public class SSLFactory {

    private static final String TAG = "SSLFactory";
    /*** 获得服务端KeyStore.
     * @param keyStoreStream  证书数据
     * @return KeyStore  		证书库
     * @author  Kongxr
     **/
    public static KeyStore getKeyStore(InputStream keyStoreStream) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
		CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
		Certificate certificate = certificateFactory.generateCertificate(keyStoreStream);
		ks.load(null,null);
		ks.setCertificateEntry("xindun",certificate);
		try {
			keyStoreStream.close();
		} catch (IOException e) {
			e.printStackTrace();
		}
		return ks;
    }

    /**
     * 导入信任证书
     * @return SSL的上下文对象
     * @author  Kongxr
     */
    public static SSLContext getSSLContext(String cerName) {
        try {
			InputStream ksIn = RetrofitApplication.getsInstance().getResources().getAssets().open(cerName);
            KeyStore keyStore = getKeyStore(ksIn);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
			SSLContext s_sSLContext = SSLContext.getInstance("TLS");
			s_sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
			return s_sSLContext;
		}catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (KeyManagementException e){
        	e.printStackTrace();
		}
		return null;
	}

	public static X509TrustManager getTrustManagerFactory(String cerName){

		try {
			InputStream ksIn = RetrofitApplication.getsInstance().getResources().getAssets().open(cerName);
			KeyStore keyStore = getKeyStore(ksIn);
			TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			trustManagerFactory.init(keyStore);
			TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
			return (X509TrustManager) trustManagers[0];
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		}
		return null;
	}
}
